Hello, I want to apply a filter so i can search for packets with certain cumulative bytes. I know how to add a column with this information (preference-> columns) but I don't know what is the command for the filter. For example I want to know all the packets that have more than x cumulative bytes. A filter that I can use like a frame.time_relative filter. The point is that this must be a filter, not a graphic method, because later on I will need to implement this in a perl script (so i will have to use tshark) and extract those informations to a file (i.e. -e frame.time_relative or -e rtp.seq). Concerned beginner asked 10 Jul '14, 04:38  anhtuan showing 5 of 6 show 1 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
can you please define 'more than x cumulative bytes' in an example?
For example I can use a frame.time_relative > 10. In a similar way I want to use a filter to know from which packet the cumulative number of bytes is higher than x. Moreover later i will need to extract the entire column with cumulative bytes information so the name of the filter is essential for me.
As I said: can you please define 'more than x cumulative bytes' in an example?
"rtp.ssrc = 0x176EF98C and CUMULATIVE_BYTES > 30000". This is an example.
O.K. let me rephrase it: What exactly are cumulative bytes for you?
if you will go to wireshark -> edit -> preferences -> columns than there is a column with a field type "cumulative bytes". It's a number of bytes that have been "transmited" up till that packet.